13647 Added null checks and some comments/questions for discussions. Will be squashed later if accepted.

Sebastian Schuster 2022-08-12 09:42:29 +02:00 committed by Pedro Igor
parent 53472e097c
commit 916cfbbaf1
6 changed files with 26 additions and 17 deletions


@ -93,6 +93,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
private void initialize(ClientModel client) {
ResourceServer server = root.findOrCreateResourceServer(client);
if (server==null) return;
Scope manageScope = manageScope(server);
if (manageScope == null) {
manageScope = authz.getStoreFactory().getScopeStore().create(server, AdminPermissionManagement.MANAGE_SCOPE);
@ -291,6 +292,7 @@ class ClientPermissions implements ClientPermissionEvaluator, ClientPermissionM
@Override
public Map<String, String> getPermissions(ClientModel client) {
if (authz == null) return null;
initialize(client);
Map<String, String> scopes = new LinkedHashMap<>();
scopes.put(AdminPermissionManagement.VIEW_SCOPE, viewPermission(client).getId());
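Review bot: `getPermissions(ClientModel)` now returns `null` for a `Map<String, String>` when `authz` is null, which pushes a null check onto every caller of a method that previously always produced a map; the identical guard is added to `getPermissions` in GroupPermissions, IdentityProviderPermissions, RolePermissions and UserPermissions. If the condition being expressed is "fine-grained authz is not available", `return Collections.emptyMap();` (or `Map.of()`) says so without the NPE risk, provided callers treat an empty map as "no permissions" — whether any caller distinguishes null from empty (for example on serialisation) is not visible here. If a null return is deliberate, a Javadoc `@return` line stating when null is returned should accompany it. The method body continues outside the hunk.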


@ -61,7 +61,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
GroupPermissions(AuthorizationProvider authz, MgmtPermissions root) {
this.authz = authz;
this.root = root;
if (Profile.isFeatureEnabled(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ)) {
if (authz!=null) {
resourceStore = authz.getStoreFactory().getResourceStore();
policyStore = authz.getStoreFactory().getPolicyStore();
} else {
@ -96,9 +96,9 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
}
private void initialize(GroupModel group) {
root.initializeRealmResourceServer();
ResourceServer server = root.initializeRealmResourceServer();
if (server == null) return;
root.initializeRealmDefaultScopes();
ResourceServer server = root.realmResourceServer();
Scope manageScope = root.realmManageScope();
Scope viewScope = root.realmViewScope();
Scope manageMembersScope = root.initializeRealmScope(MANAGE_MEMBERS_SCOPE);
@ -221,6 +221,7 @@ class GroupPermissions implements GroupPermissionEvaluator, GroupPermissionManag
@Override
public Map<String, String> getPermissions(GroupModel group) {
if (authz == null) return null;
initialize(group);
Map<String, String> scopes = new LinkedHashMap<>();
scopes.put(AdminPermissionManagement.VIEW_SCOPE, viewPermission(group).getId());
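Review bot: The constructor hunk replaces `Profile.isFeatureEnabled(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ)` with `authz!=null`, so the resource/policy store lookups are now gated on whether a provider instance was supplied rather than on the feature flag; the same substitution appears in the UserPermissions constructor and in MgmtPermissions.realmResourceServer and initializeRealmResourceServer, where it also gates `create(client)`. That is only equivalent if `authz` is null exactly when the feature is disabled, and the code that establishes that is not in this diff. A one-line comment at the first such guard, e.g. `// authz is null whenever ADMIN_FINE_GRAINED_AUTHZ is disabled; it is the only gate for the fine-grained stores`, or keeping both checks until that invariant is confirmed, would make the intent reviewable. The constructor's else-branch runs past the hunk.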


@ -70,6 +70,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
private void initialize(IdentityProviderModel idp) {
ResourceServer server = root.initializeRealmResourceServer();
if (server == null) return;
Scope exchangeToScope = root.initializeScope(TOKEN_EXCHANGE, server);
String resourceName = getResourceName(idp);
@ -139,6 +140,7 @@ class IdentityProviderPermissions implements IdentityProviderPermissionManageme
@Override
public Map<String, String> getPermissions(IdentityProviderModel idp) {
if (authz==null) return null;
initialize(idp);
Map<String, String> scopes = new LinkedHashMap<>();
scopes.put(TOKEN_EXCHANGE, exchangeToPermission(idp).getId());
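Review bot: `if (authz==null) return null;` in getPermissions omits the spaces around `==`, while the guard added in initialize earlier in this file is written `if (server == null) return;`; the same inconsistency is in ClientPermissions.initialize (`server==null`), the GroupPermissions constructor (`authz!=null`), MgmtPermissions.roles (`rolePermissions!=null`) and RolePermissions.initialize (`if (server == null ) return;`). Since the commit message says the change will be squashed, normalising all of them to the `x == null` form now keeps the squashed diff uniform and easier to scan for the security-relevant guards. Both methods in this section continue outside their hunks.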


@ -67,6 +67,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
protected RealmPermissions realmPermissions;
protected ClientPermissions clientPermissions;
protected IdentityProviderPermissions idpPermissions;
protected RolePermissions rolePermissions;
MgmtPermissions(KeycloakSession session, RealmModel realm) {
@ -203,7 +204,9 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
@Override
public RolePermissions roles() {
return new RolePermissions(session, realm, authz, this);
if (rolePermissions!=null) return rolePermissions;
rolePermissions = new RolePermissions(session, realm, authz, this);
return rolePermissions;
}
@Override
@ -251,20 +254,20 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
@Override
public ResourceServer realmResourceServer() {
if (!Profile.isFeatureEnabled(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ)) return null;
if (authz == null) return null;
if (realmResourceServer != null) return realmResourceServer;
ClientModel client = getRealmManagementClient();
if (client == null) return null;
ResourceServerStore resourceServerStore = authz.getStoreFactory().getResourceServerStore();
realmResourceServer = resourceServerStore.findByClient(client);
realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
return realmResourceServer;
}
public ResourceServer initializeRealmResourceServer() {
if (!Profile.isFeatureEnabled(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ)) return null;
if (authz == null) return null;
if (realmResourceServer != null) return realmResourceServer;
ClientModel client = getRealmManagementClient();
if (client == null) return null;
realmResourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
if (realmResourceServer == null) {
realmResourceServer = authz.getStoreFactory().getResourceServerStore().create(client);
@ -277,12 +280,14 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
public void initializeRealmDefaultScopes() {
ResourceServer server = initializeRealmResourceServer();
if (server == null) return;
manageScope = initializeRealmScope(MgmtPermissions.MANAGE_SCOPE);
viewScope = initializeRealmScope(MgmtPermissions.VIEW_SCOPE);
}
public Scope initializeRealmScope(String name) {
ResourceServer server = initializeRealmResourceServer();
if (server == null) return null;
Scope scope = authz.getStoreFactory().getScopeStore().findByName(server, name);
if (scope == null) {
scope = authz.getStoreFactory().getScopeStore().create(server, name);
@ -291,6 +296,7 @@ class MgmtPermissions implements AdminPermissionEvaluator, AdminPermissionManage
}
public Scope initializeScope(String name, ResourceServer server) {
if (authz == null) return null;
Scope scope = authz.getStoreFactory().getScopeStore().findByName(server, name);
if (scope == null) {
scope = authz.getStoreFactory().getScopeStore().create(server, name);
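Review bot: `initializeScope(String name, ResourceServer server)` now returns null when `authz` is null but still passes `server` unchecked into `findByName(server, name)` and `create(server, name)`; the one caller visible in this diff (IdentityProviderPermissions.initialize) guards `server` before calling, but the method is public and nothing documents that precondition. Either widen the guard to `if (authz == null || server == null) return null;`, matching the `if (server == null) return null;` just added to initializeRealmScope, or add a Javadoc `@param server the resource server the scope belongs to; must not be null` so a caller that skips the guard is visibly wrong. The method continues outside the hunk.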


@ -90,6 +90,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
@Override
public Map<String, String> getPermissions(RoleModel role) {
if (authz == null) return null;
initialize(role);
Map<String, String> scopes = new LinkedHashMap<>();
scopes.put(RolePermissionManagement.MAP_ROLE_SCOPE, mapRolePermission(role).getId());
@ -123,9 +124,9 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
@Override
public Resource resource(RoleModel role) {
ResourceStore resourceStore = authz.getStoreFactory().getResourceStore();
ResourceServer server = resourceServer(role);
if (server == null) return null;
ResourceStore resourceStore = authz.getStoreFactory().getResourceStore();
return resourceStore.findByName(server, getRoleResourceName(role));
}
@ -546,6 +547,7 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
if (server == null) {
ClientModel client = getRoleClient(role);
server = root.findOrCreateResourceServer(client);
if (server == null ) return;
}
Scope mapRoleScope = mapRoleScope(server);
if (mapRoleScope == null) {
@ -602,11 +604,6 @@ class RolePermissions implements RolePermissionEvaluator, RolePermissionManageme
return MAP_ROLE_COMPOSITE_SCOPE + ".permission." + role.getId();
}
private ResourceServer sdfgetResourceServer(RoleModel role) {
ClientModel client = getRoleClient(role);
return root.findOrCreateResourceServer(client);
}
private static String getRoleResourceName(RoleModel role) {
return "role.resource." + role.getId();
}
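Review bot: The early `return` added in initialize after `server = root.findOrCreateResourceServer(client)` leaves the role's resource and policies uncreated, yet getPermissions(RoleModel) earlier in this section still calls `mapRolePermission(role).getId()` straight after `initialize(role)`, guarded only by `authz == null`. If findOrCreateResourceServer can return null for any reason other than a missing authz provider (that method is not in this diff), the permission lookup that follows will dereference null; either have initialize report whether it completed and let getPermissions bail on the same condition, or document on initialize with `// a null server here is only possible when authz is null; getPermissions relies on that` so the coupling is explicit. initialize starts outside the hunk; the removal of the unused `sdfgetResourceServer` helper in the last hunk looks right.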


@ -83,7 +83,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
this.session = session;
this.authz = authz;
this.root = root;
if (Profile.isFeatureEnabled(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ)) {
if (authz != null) {
policyStore = authz.getStoreFactory().getPolicyStore();
resourceStore = authz.getStoreFactory().getResourceStore();
} else {
@ -94,9 +94,9 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
private void initialize() {
root.initializeRealmResourceServer();
ResourceServer server = root.initializeRealmResourceServer();
if (server == null) return;
root.initializeRealmDefaultScopes();
ResourceServer server = root.realmResourceServer();
Scope manageScope = root.realmManageScope();
Scope viewScope = root.realmViewScope();
Scope mapRolesScope = root.initializeRealmScope(MAP_ROLES_SCOPE);
@ -144,6 +144,7 @@ class UserPermissions implements UserPermissionEvaluator, UserPermissionManageme
@Override
public Map<String, String> getPermissions() {
if (authz == null) return null;
initialize();
Map<String, String> scopes = new LinkedHashMap<>();
scopes.put(AdminPermissionManagement.VIEW_SCOPE, viewPermission().getId());
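Review bot: The rewritten prologue of initialize, `ResourceServer server = root.initializeRealmResourceServer(); if (server == null) return; root.initializeRealmDefaultScopes();`, is now identical to GroupPermissions.initialize, and `initializeRealmDefaultScopes()` itself calls `initializeRealmResourceServer()` again (visible in the MgmtPermissions section), so the server is resolved twice per call — harmless because MgmtPermissions caches it in `realmResourceServer`, but it is duplicated logic in two files. Letting `initializeRealmDefaultScopes()` return the `ResourceServer` it already obtains would reduce both prologues to a single null-returning call and keep the guard in one place; only worth doing if it fits the squashed change. The rest of initialize runs past the hunk.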